Paul Nasrat wrote: > You've also changed the rule to use Current mode not Mode from > config file, was this intentiional have you tested on rhel4, rhel5, > rhel6 and non-rhel selinux systems?
It seems like a different bug that the current fact was grepping
"Policy from config file:" from the sestatus output for selinux_mode.
That's not the mode, it's the policy type. Using "Mode from config
file:" would have been more accurate for selinux_mode. But IMO using
"Current mode:" seems even better (assuming it falls back properly if
older systems lack that in the sestatus output).
Whether folks were using the selinux_mode fact to get what was really
the selinux policy type and will be burned by this change is another
matter, of course.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I have to decide between two equally frightening options. If I wanted
to do that, I'd vote.
-- Duckman
pgp9DZsXiTTdc.pgp
Description: PGP signature
